It’s Time to Rethink Endpoint Security Protocols
With the surge in both hybrid work and cyberattacks, specialized endpoint security technologies are struggling to keep pace. Approximately 80% of security decision makers say software alone doesn’t provide enough protection from emerging threats.1 However, these same decision makers allocate only 29% of their security budgets to protecting firmware.1Remote and hybrid employees rely on laptops, smartphones, and other endpoint devices to work, but the point of access to their organization’s computer systems to perform this work also serves as a valuable entry point for cyber criminals. These bad actors take advantage of busy end users (employees, vendors, or customers) from all types of organizations and agencies, without discretion. No one, it seems, is immune.
Our human inclination to trust too often leaves end users falling for cleverly disguised phishing schemes. That’s when malware, ransomware, botnets, APTs, and the like make a beeline—often through known vulnerabilities and unpatched systems—to infiltrate the target’s critical infrastructure, stealing data, demanding ransoms, and creating chaos.
The Cost of Cybercrime
Global costs of cybercrime are projected to reach USD $10.5 trillion by 2025. If cybercrime were a country, those costs would rank number five in GDP. The average cost of a data breach on an individual organization has reached a high of USD $4.45 million so far in 2023.2To thwart cyber threats and the associated financial, operational, and reputational fiascos, organizations have begun moving cybersecurity to the top of their investment priorities. In fact, global spending on cybersecurity products is forecasted to increase 11.7% by the end of 2023, to USD $79.5 billion.3
While investments in these products are mostly necessary, Paul Proctor, former Chief of Research for Risk and Security at Gartner, laments that many organizations seem to regard cybersecurity spending as a metric for determining vulnerability. “‘Are we spending enough on cybersecurity?’ is a question Gartner clients ask all the time,” Proctor told listeners during a July 11, 2022, CIO Mind podcast episode.
While some continue seeing cybersecurity as a problem to solve with spending and technology, experts from Deloitte contend the greatest dangers to endpoint security remains weak protocols, practices, and procedures.4
Comprehensive Endpoint Security
Endpoint security practices vary according to individual organizational dynamics; however, cybersecurity experts commonly recommend:- Risk and vulnerability assessments that identify and evaluate the impact of known threats and potential vulnerabilities
- Endpoint protection software, including antivirus, antimalware, intrusion detection and prevention systems, and extra firewalls
- Access controls, such as multi-factor authorization (MFA) and Zero Trust
- CIS Hardening of operating systems
- Hardware-based security enhancements like BitLocker, TPM 2.0, and hardware-level remote control features
- Vendor management policies that ensure third-party vendors follow their strong security practices
- Regular employee training on detecting all-too-common threats, emails, and phishing attempts, learning best practices on using devices securely, and responding to suspicion of malicious activity
- Network segmentation to prevent the spread of malicious activity once it’s detected
While these practices are important, they tend to dominate security discussions and investments, often at the expense of foundational elements: the endpoint device itself, its firmware, and its operating system (OS). If an organization is to protect its systems and data, then it must consider the broader technological ecosystem, including investments in the security of its foundational elements. This holistic approach is what we call comprehensive endpoint security.
Hardware Security
The world’s rapid shift to remote work at the start of the pandemic was disruptive and challenging for organizations. In their haste to keep pace, organizations were sometimes forced to equip employees with less secure devices intended for home use.Modern devices manufactured specifically for business environments contain crucial security components, such as the tamper-proof TPM 2.0 chip now standard in today’s Windows 11 Pro devices. This chip provides specialized encryption features and enables upgraded cutting-edge security functions.
Device Refresh Cycles
As devices age, they lose the capacity to make full use of newer security features and can eventually refuse to accept the installation of OS updates and security patches altogether, leaving security gaps ripe for breaching.Just as cybersecurity software engineers design and continually update software to meet evolving cybersecurity threats, device manufacturers (OEMs) also improve and update hardware and firmware security features over time. To ensure the organization’s devices contribute to strong, comprehensive endpoint security with access to the latest security features, experts have begun advising more expeditious device refresh cycles, from an average of 4.5 years to 2 years.5
In organizations with large numbers of devices, managing refresh cycles—keeping up with procurement, managing vendors, and tracking the age, warranty status, and performance of each device—can be a significant task. To meet this challenge, endpoint security protocols are with increasing frequency directing IT to outsource their organization’s refresh cycle. According to Forrester, 92% of decision makers in IT, operations, and finance agreed that outsourcing the IT refresh cycle was valuable or critical.5
Updated Operating Systems (OS)
As with devices, endpoint cybersecurity protocols and investments may overlook regular maintenance and security of operating systems. While OS updates and security patches are well-known to be critical to reducing vulnerabilities, implementing updates promptly across the hybrid organization can be challenging.At times, concerns arise that attempting to implement updates will disrupt business operations, or that updates will be incompatible with apps. While these fears may have been founded in the past, they’re much less likely to be a problem with modern equipment and updates.
Upgrading Hardware While Deploying Feature OS Updates
While IT can often deploy feature updates without adopting new hardware, doing so can—depending on the age of the device—lead to slower computer performance. It’s not unusual for organizations to rely on feature updates alone, then end up procuring new devices to maintain employee productivity.Upgrading hardware with feature OS updates brings additional ROI as well. For instance, newer laptops and desktops running Windows 11 Pro devices for business add security features tailor-made for hybrid work. This includes hardware-based features like presence-sensing technology that senses when users move away from their device and locks the computer screen automatically.
The benefits of Windows 11 Pro and modern hardware:
- Three-year 250% ROI and payback in less than 6 months6
- Reduces the risk of a successful security attack by 20%6
- Increases productivity for security and IT teams by 20%6
- Reduces the number of incoming help desk tickets by 80%6
Speaking of ROI, it’s always possible that new devices or OS versions will make one or more of the tools you’ve been paying for redundant. Updates frequently do this by providing the same or even better protective features than existing third-party tools—all the more reason for organizations to consider updates as a regular practice.
Stay Informed
Finally, no comprehensive endpoint security strategy is complete without a mandate for leaders and decision makers to stay informed. Staying in the know as a regular practice helps IT learn about hardware and software updates, advances in security technology, and new, advanced security features.The Windows 11 Pro Device Advantage
Neglecting OS version updates is especially inadvisable. Once an update has been released, OS vendors only continue supporting the previous version for a limited time. This will soon be the case for Windows 10 as a whole, which runs out of support in October 2025.
Microsoft has designed Windows 11 Pro to be compatible with 97% of apps. For Windows 10 users, line-of-business software is also compatible. If there is a need for support, organizations can access the Microsoft App Assure program. The upgrade from Windows 10 to Windows 11 Pro is both swift and efficient—performed as a simple update in the Software Update section of the device settings.
Password-less technology is another feature of modern Windows 11 Pro devices that improves security while creating the potential for huge cost savings. IT teams spend significant amounts of time helping employees reset passwords, leading to fewer IT tickets.
Microsoft has designed Windows 11 Pro to be compatible with 97% of apps. For Windows 10 users, line-of-business software is also compatible. If there is a need for support, organizations can access the Microsoft App Assure program. The upgrade from Windows 10 to Windows 11 Pro is both swift and efficient—performed as a simple update in the Software Update section of the device settings.
Password-less technology is another feature of modern Windows 11 Pro devices that improves security while creating the potential for huge cost savings. IT teams spend significant amounts of time helping employees reset passwords, leading to fewer IT tickets.
On-demand Webcast
Level-up Your Device Security with Windows 11 Pro Devices
In this discussion, a panel of experts from Microsoft, Lenovo, and Connection share new insights into the need for hardware security and tell you how to assess your environment to see if it can withstand firmware attacks.Select Your Preferred OEM or Silicon Platform
Learn more about our partner's Windows 11 Pro products and solutions
Windows Endpoint Deployment and Management
Modern Deployment, Modern Provisioning, and Cloud‑based Management
As businesses pivot to the cloud, and shift to stronger endpoints, many IT departments are left scrambling to find ways to support—and keep up with—all the changes required to modernize their infrastructure. Connection’s Windows Endpoint Deployment and Management Services are designed to help your organization create a foundation that can handle all your provisioning and management needs today and into the future.
Take Your Business to the Next Level
Are you looking for ways to boost your business’s protection, efficiency, and productivity? Sign up to learn key benefits and ways that upgrading to Windows 11 Pro devices can help your business address those challenges.
1 Microsoft, 2021, Security Signals
2 IBM, 2023, Cost of a Data Breach Report
3 Canalys, 2023, Cybersecurity investment to grow by 13% in 2023
4 Deloitte, 2023, Endpoint security risks are rising
5 Forrester, 2023, The case for an accelerated device refresh cycle
6 Forrester, 2022, The Total Economic Impact of Windows 11 Pro Devices. Note, quantified benefits reflect results over three years combined into a single composite organization that generates $1 billion in annual revenue, has 2,000 employees, refreshes hardware on a four-year cycle, and migrates the entirety of its workforce to Windows 11 devices.
2 IBM, 2023, Cost of a Data Breach Report
3 Canalys, 2023, Cybersecurity investment to grow by 13% in 2023
4 Deloitte, 2023, Endpoint security risks are rising
5 Forrester, 2023, The case for an accelerated device refresh cycle
6 Forrester, 2022, The Total Economic Impact of Windows 11 Pro Devices. Note, quantified benefits reflect results over three years combined into a single composite organization that generates $1 billion in annual revenue, has 2,000 employees, refreshes hardware on a four-year cycle, and migrates the entirety of its workforce to Windows 11 devices.
10